Announcement

Collapse
No announcement yet.

vbs script and RunAs command

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • vbs script and RunAs command

    Hi

    In Windows 7 SP1 64 bit, as I should do to run a .vbs script with elevated privileges with RunAs command?

    Thanks

    Bye
    balubeto

  • #2
    Originally posted by balubeto View Post
    Hi

    In Windows 7 SP1 64 bit, as I should do to run a .vbs script with elevated privileges with RunAs command?

    Thanks

    Bye
    Do you mean "should I run scripts with elevated permissions"? If so, it really depends on what the script does?
    Or do you mean "how do I run scripts with elevated permissions"? If so, please use

    Thanks

    Bye
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Originally posted by Ossian View Post

      Do you mean "should I run scripts with elevated permissions"? If so, it really depends on what the script does?
      Or do you mean "how do I run scripts with elevated permissions"? If so, please use

      Thanks

      Bye
      Since I do not know the vbs language, as I should do to run this script

      Code:
      Option Explicit
      
      Dim objFSO
      Const ForAppending = 8
      set objFSO = CreateObject("Scripting.FileSystemObject")
      
      Dim bElevate: bElevate = False
      If WScript.Arguments.Count > 0 Then If WScript.Arguments(WScript.Arguments.Count-1) <> "|" then bElevate = True
      if bElevate Or WScript.Arguments.Count = 0 Then ElevateUAC
      
      UninstallProduct "Nitro PDF Professional 7" ' Pro 7 beta
      UninstallProduct "Nitro PDF Professional" ' Pro 6
      UninstallProduct "Nitro Pro 8"    ' Pro 8
      UninstallProduct "Nitro Pro 9"    ' Pro 9
      UninstallProduct "Nitro Pro 10"    ' Pro 10
      UninstallProduct "Nitro Pro"    ' Pro 7
      UninstallProduct "Nitro Reader 3"   ' Reader 3
      UninstallProduct "Nitro Reader 4"   ' Reader 4
      UninstallProduct "Nitro PDF Reader"   ' Reader 1
      UninstallProduct "Nitro PDF Reader 2"  ' Reader 2 beta
      UninstallProduct "Nitro Reader"    ' Reader 2
      UninstallProduct "Nitro PDF DMS"   ' DMS Beta  
      UninstallProduct "Nitro DMS"    ' DMS
      UninstallProduct "Nitro PDF Express"  ' Express 1
      UninstallProduct "Nitro PDF Express"  ' Express 2
      UninstallProduct "Nitro OCR Expansion"  ' OCR Expansion
      
      
      Dim WshShell, oExec
      Set WshShell = CreateObject("WScript.Shell")
      WshShell.Exec("REG DELETE ""HKCU\Software\Nitro PDF"" /f")
      WshShell.Exec("REG DELETE ""HKLM\Software\Nitro PDF"" /f")
      WshShell.Exec("REG DELETE ""HKCU\Software\Nitro"" /f")
      WshShell.Exec("REG DELETE ""HKLM\Software\Nitro"" /f")
      WshShell.Exec("REG DELETE ""HKLM\Software\Wow6432Node\Nitro PDF"" /f")
      WshShell.Exec("REG DELETE ""HKLM\Software\Wow6432Node\Nitro"" /f")
      WshShell.Exec("cmd /c rmdir /q /s ""%AppData%\Nitro PDF""")
      WshShell.Exec("cmd /c rmdir /q /s ""%AppData%\Nitro""")
      WshShell.Exec("cmd /c rmdir /q /s ""%ProgramData%\Nitro PDF""")
      WshShell.Exec("cmd /c rmdir /q /s ""%ProgramData%\Nitro""")
      
      
      Sub UninstallProduct(productName)
       Dim productCode, property, installer, BurnGUID
       
       Set installer = Wscript.CreateObject("WindowsInstaller.Installer")
      
       For Each productCode In installer.Products
        'WScript.Echo "Product Name " & productName & "Product Code " & productCode &" : " & LCase(installer.ProductInfo(productCode, "ProductName"))
        If InStr(1, LCase(installer.ProductInfo(productCode, "ProductName")), LCase(productName)) Then Exit For
       Next
       
       If Not IsEmpty(productCode) Then  
        Dim WshShell, UninstallString
        Set WshShell = CreateObject("WScript.Shell")
        if productName="Nitro Pro 9" Or productName="Nitro Pro 10" then
         WriteToLog("Try to find Burn GUID in SOFTWARE\Classes\Installer\Dependencies\"&productCode&"\Dependents")
         BurnGUID = getRegistryKey("SOFTWARE\Classes\Installer\Dependencies\"&productCode&"\Dependents", "")
      
         If IsEmpty(BurnGUID) Or BurnGUID="" Then
          WriteToLog("Try to find Burn GUID in SOFTWARE\Wow6432Node\Classes\Installer\Dependencies\"&productCode&"\Dependents")
          BurnGUID = getRegistryKey("SOFTWARE\Wow6432Node\Classes\Installer\Dependencies\"&productCode&"\Dependents", "")
         End If
         
         if Not IsEmpty(BurnGUID) And Not BurnGUID="" Then
          WriteToLog(productName&" Burn GUID:"&BurnGUID)
          'WriteToLog("Try to find UninstallString in SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\"&BurnGUID)
          UninstallString = getRegistryValue("SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\"&BurnGUID, "UninstallString", "")
          If IsEmpty(UninstallString) Or UninstallString="" Then
           'WriteToLog("Try to Burn UninstallString in SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"&BurnGUID)
           UninstallString = getRegistryValue("SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"&BurnGUID, "UninstallString", "")
          End If
          'WriteToLog("UninstallString:"&UninstallString)
          If Not IsEmpty(UninstallString) Then
           WriteToLog("Running command:"&UninstallString)
           WshShell.Run UninstallString, , True
          End If 
         else
          WriteToLog("msiexec /x " & productCode & " /qb")
          WshShell.Run "msiexec /x " & productCode & " /qb", , TRUE
         End If
        else
         WriteToLog("msiexec /x " & productCode & " /qb")
         WshShell.Run "msiexec /x " & productCode & " /qb", , TRUE
        End If
        
       End If
      End Sub
      
      
      Sub ElevateUAC
          Dim sParms, oShell
          sParms = " |"
          If WScript.Arguments.Count > 0 Then
                  For i = WScript.Arguments.Count-1 To 0 Step -1
                  sParms = " " & WScript.Arguments(i) & sParms
              Next
          End If
      
          Set oShell = CreateObject("Shell.Application")
       oShell.ShellExecute "cscript.exe", """" & WScript.ScriptFullName & """" & sParms, , "runas", 1
          WScript.Quit
      End Sub
      
      function getRegistryKey (strRegistryKey, strDefault )
          Dim value, strComputer
       strComputer = "."
       Const HKEY_LOCAL_MACHINE = &H80000002
       Dim oReg : Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
       Dim oShell : Set oShell = CreateObject("WScript.Shell")
       Dim sPath, aSub, sKey
       oReg.EnumKey HKEY_LOCAL_MACHINE, strRegistryKey, aSub
       If IsArray( aSub ) Then
        For Each sKey In aSub
          value=sKey
          'wscript.echo "Burn GUID:"&sKey
        Next
        getRegistryKey=value
       else
        getRegistryKey= strDefault
       end if
      end function
      
      function getRegistryValue (strRegKey, strRegName, strDefault )
          Dim strComputer
       strComputer = "."
       Const HKEY_LOCAL_MACHINE = &H80000002
       
       Dim oReg : Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
       Dim oShell : Set oShell = CreateObject("WScript.Shell")
       Dim  arrValueNames, arrTypes, sKey, strValueName, strValue
       oReg.EnumValues HKEY_LOCAL_MACHINE, strRegKey, arrValueNames, arrTypes
       
       If IsArray( arrValueNames ) Then
        For Each sKey In arrValueNames
         strValueName = sKey
         oReg.GetStringValue HKEY_LOCAL_MACHINE, strRegKey, strValueName, strValue
         if strValueName=strRegName then
          'WriteToLog("getRegistryValue: "&strValueName&" - "&strValue)
          getRegistryValue=strValue
         End If 
        Next
       else
        'WriteToLog("getRegistryValue Default")
        getRegistryValue= strDefault
       end if
      end function
      
      REM Function CheckArchitecture()
       REM Dim strValue,objShell
       REM Const strKey = "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE"
      REM Set objShell = CreateObject("WScript.Shell")
      REM strValue = objShell.RegRead(strKey)
       REM Select Case UCase(strValue)
       REM Case "X86"
           REM CheckArchitecture = 1
       REM Case "AMD64"
           REM CheckArchitecture = 0
       REM End Select
       REM End Function
       
       
      Sub WriteToLog(strLogMessage)
        Const ForAppending = 8
       
        dim shell, tempdir, strLogFileName, strLogEntryTime, objLogFileTransaction
        set shell = WScript.CreateObject("WScript.Shell")
        tempdir = shell.ExpandEnvironmentStrings("%temp%")
       
        strLogFileName = tempdir&"\Cleanup-burn.log"
        strLogEntryTime = NOW
       
        if objFSO.FileExists(strLogFileName) Then
        Set objLogFileTransaction =objFSO.OpenTextFile(strLogFileName,ForAppending)
        Else
        Set objLogFileTransaction =objFSO.CreateTextFile(strLogFileName)
        End if
        
        objLogFileTransaction.WriteLine strLogEntryTime&" "&strLogMessage
        objLogFileTransaction.Close
        WScript.StdOut.WriteLine strLogMessage
        WScript.StdOut.WriteLine ""
      End Sub
      with elevated permissions?

      Thanks

      Bye
      balubeto

      Comment


      • #4
        You could always try running it without elevated permissions and if (and only if) it fails, run it with.

        I presume you have checked the script and made sure it does not, for example, contain "objVolume.Format("NTFS")" anywhere, or any other unexpected surprises
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Originally posted by balubeto View Post
          Hi

          In Windows 7 SP1 64 bit, as I should do to run a .vbs script with elevated privileges with RunAs command?

          Thanks

          Bye

          ) Do you manually start the script? Then you can try the sample script you showed in your second post (just double click on the vbs file, it re-launces itself elevated). But you still have be logged in to Windows with an admin account to be able to uninstall most applications.

          Alternatively, you could add "Run as admin" to the 'right click menu' for vbs files on each computer.

          ) If the script is auto launched by a GPO, then make it run as computer Start-up Script. The script will then be executed by the 'System account' (Neither the System account nor the built-in Administrator account are subject to UAC).

          Last edited by Rems; 30th May 2015, 10:15.

          This posting is provided "AS IS" with no warranties, and confers no rights.

          __________________

          ** Remember to give credit where credit's due **
          and leave Reputation Points for meaningful posts

          Comment


          • #6
            From the command prompt I tried to run this command:

            Code:
            C:\Windows\system32>runas /profile /user:Administrator "cscript.exe C:\Users\Public\Downloads\cleanup\cleanup-oct17.vbs
            Enter the password for Administrator:
            but I get this error:

            Code:
            Attempting to start the cscript.exe C:\Users\Public\Downloads\cleanup\cleanup-oct17.vbs as "VMWIN7SP1ENTX64\Administrator" user ...
            RUNAS ERROR: Unable to run - cscript.exe C:\Users\Public\Downloads\cleanup\cleanup-oct17.vbs
            1327: Logon failure: user account restriction. Possible causes could be: the password field blank not allowed, restrictions on access hours or application of policy restrictions.
            Why?

            By case, I should enable the hidden Administrator account?

            Thanks

            Bye
            balubeto

            Comment


            • #7
              Originally posted by balubeto View Post

              By case, I should enable the hidden Administrator account?
              Why? the admin account launching the script does not necessarily have to be thé built-in Administrator account. You can use any account that is a member of the local group Administrators.

              The account you use for this should of course be an enabled account and the password should not be expired. For the Runas service it is required that this admin account do has a password.
              The account may or not necessary needs elevation to launch the script.

              If you intend to run this script using the built-in administrator account (or the system account) then you better uncomment the line:
              REM if bElevate Or WScript.Arguments.Count = 0 Then ElevateUAC

              This posting is provided "AS IS" with no warranties, and confers no rights.

              __________________

              ** Remember to give credit where credit's due **
              and leave Reputation Points for meaningful posts

              Comment

              Working...
              X